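#!/bin/bash
#
# tunctl - bring up an SSH layer-3 tunnel (tun0) to REMOTE_EXTIP and publish
# a set of local TCP ports through the remote host: traffic arriving on the
# remote public interface for PORTS is DNATed to LOCAL_IP across the tunnel.
#
# Usage: tunctl start|stop|restart|ping|check|daemon
#
# Runs as root locally and logs in as root on the remote side; the key at
# IDENTITY can run arbitrary commands there, so restrict it accordingly.

set -u

# ssh config
IDENTITY="/root/.ssh/id_rsa"
SSH_SOCKET="/run/ssh-tunnel.sock"
SSH_USER="root"

# network config
LOCAL_IP="10.0.0.2"
# Space separated; iptables port ranges (low:high) are accepted as-is.
PORTS="5432 20 21 10090:10100"
REMOTE_IP="10.0.0.1"
REMOTE_EXTIP="185.82.216.108"
REMOTE_EXTIF="eth0"

# daemon
SLEEPTIME="5m"

# notifications
FROM="server@repo.arcanis.name"
TO="darkarcanis@mail.ru"
SUBJECT="Server status report"

# cmds
IFCFG="/sbin/ifconfig"
IPT="/sbin/iptables"
MAIL="/usr/bin/mail"
# Kept as an array so the command line survives whitespace in IDENTITY and is
# expanded quoted at every call site as "${SSH[@]}".
# NOTE(review): StrictHostKeyChecking=no together with
# UserKnownHostsFile=/dev/null disables host-key verification, so the peer
# that receives root commands and carries the tunnel is never authenticated.
# Pin the remote host key in a known_hosts file and switch to
# StrictHostKeyChecking=yes when the deployment allows it.
SSH=(/usr/bin/ssh
  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
  -o TCPKeepAlive=yes -o ServerAliveInterval=600 -o ServerAliveCountMax=360
  -o ControlMaster=auto -o PasswordAuthentication=no -i "${IDENTITY}")
REMOTE="${SSH_USER}@${REMOTE_EXTIP}"

#######################################
# Send a one-line status report by mail (currently unused: the callers in
# do_start/do_stop are commented out).
# Arguments: $1 - message body
#######################################
send_mail() {
  local message="${1}"
  printf '%s\n' "${message}" | "${MAIL}" -r "${FROM}" -s "${SUBJECT}" "${TO}"
}

#######################################
# Run a command on the remote host over a fresh ssh session.
# ssh joins its arguments with spaces and the remote shell re-parses them,
# so only pass values without shell metacharacters (IPs, ports, paths).
# Arguments: the remote command and its arguments
# Returns:   the remote command's exit status (255 if ssh itself fails)
#######################################
remote() {
  "${SSH[@]}" "${REMOTE}" "$@"
}

#######################################
# Apply an iptables action to the per-port FORWARD accept rule. Insertion
# (-I FORWARD 1) and deletion (-D FORWARD) go through the same function so
# that the match specification is byte-identical for both.
# Arguments: $1 - port or port range; $@ - iptables action, e.g. -D FORWARD
#######################################
forward_rule() {
  local port="${1}"
  shift
  remote "${IPT}" "$@" -i "${REMOTE_EXTIF}" -o tun0 -d "${LOCAL_IP}" \
    -p tcp -m tcp --dport "${port}" -j ACCEPT
}

#######################################
# Start the ssh control master with a tun device (-w 0:0 -> tun0 on both
# ends) and configure the /30 on each side.
#######################################
do_start() {
  rm -f -- "${SSH_SOCKET}"
  "${SSH[@]}" -M -S "${SSH_SOCKET}" -f -w 0:0 "${REMOTE}" \
    "${IFCFG}" tun0 "${REMOTE_IP}"/30 pointopoint "${LOCAL_IP}"
  "${IFCFG}" tun0 "${LOCAL_IP}"/30 pointopoint "${REMOTE_IP}"
  # send_mail "Tunnel has been started"
}

#######################################
# Ask the control master to exit and drop its socket. The -O exit request
# fails (non-fatally) when no master is listening on SSH_SOCKET.
#######################################
do_stop() {
  "${SSH[@]}" -S "${SSH_SOCKET}" -O exit "${REMOTE}"
  rm -f -- "${SSH_SOCKET}"
  # send_mail "Tunnel has been stoped"
}

#######################################
# Publish one port: DNAT on the public interface and on locally generated
# traffic, SNAT the tunnel leg, and accept the forwarded flow.
# Arguments: $1 - port or port range
#######################################
do_table() {
  local port="${1}"
  remote "${IPT}" -t nat -A PREROUTING --dst "${REMOTE_EXTIP}" -p tcp --dport "${port}" \
    -j DNAT --to-destination "${LOCAL_IP}"
  remote "${IPT}" -t nat -A POSTROUTING --dst "${LOCAL_IP}" -p tcp --dport "${port}" \
    -j SNAT --to-source "${REMOTE_IP}"
  remote "${IPT}" -t nat -A OUTPUT --dst "${REMOTE_EXTIP}" -p tcp --dport "${port}" \
    -j DNAT --to-destination "${LOCAL_IP}"
  forward_rule "${port}" -I FORWARD 1
}

#######################################
# Remove everything do_add_table installed on the remote host.
# NOTE: -F/-X flush every nat rule and chain on the remote, not only those
# added here; a dedicated chain would be narrower but this matches the
# existing deployment.
#######################################
do_clear_table() {
  local port
  remote "${IPT}" -t nat -F
  remote "${IPT}" -t nat -X
  # The FORWARD accept rules live in the filter table and were not removed
  # by the nat flush, so they piled up on every restart. Delete every copy:
  # -D fails once none is left (or if ssh fails), which ends the loop.
  # shellcheck disable=SC2086 -- PORTS is a deliberately split word list
  for port in ${PORTS}; do
    while forward_rule "${port}" -D FORWARD 2>/dev/null; do :; done
  done
}

#######################################
# Publish every port listed in PORTS.
#######################################
do_add_table() {
  local port
  # shellcheck disable=SC2086 -- PORTS is a deliberately split word list
  for port in ${PORTS}; do
    do_table "${port}"
  done
}

#######################################
# Tear the tunnel down and bring it back up. Teardown is attempted even when
# the tunnel does not answer pings: the remote is reached over its public
# address, so stale NAT rules and an orphaned control master would otherwise
# survive a restart of a dead tunnel.
#######################################
do_restart() {
  do_clear_table
  do_stop
  do_start
  sleep 2
  do_add_table
}

#######################################
# Probe the far end of the tunnel.
# Returns: 0 when REMOTE_IP answers, non-zero otherwise
#######################################
do_ping() {
  ping -c 4 -q "${REMOTE_IP}" > /dev/null 2>&1
}

#######################################
# Poll the tunnel every SLEEPTIME and restart it when it stops answering.
#######################################
do_daemon() {
  while true; do
    sleep "${SLEEPTIME}"
    printf '%s\n' "Check tunnel"
    if ! do_ping; then
      printf '%s\n' "Restart tunnel"
      do_restart
    fi
  done
}

#######################################
# Command dispatch.
# Arguments: $1 - start|stop|restart|ping|check|daemon
# Returns:   1 on unknown command or (ping) inactive tunnel, else 0
#######################################
main() {
  case "${1:-}" in
    start)
      printf '%s\n' "Start tunnel"
      do_ping && exit 0
      do_start
      sleep 2
      do_add_table
      ;;
    stop)
      printf '%s\n' "Stop tunnel"
      do_ping || exit 0
      do_clear_table
      do_stop
      ;;
    restart)
      printf '%s\n' "Restart tunnel"
      do_restart
      ;;
    ping)
      if do_ping; then
        printf '%s\n' "Active"
        exit 0
      else
        printf '%s\n' "Inactive"
        exit 1
      fi
      ;;
    check)
      if ! do_ping; then
        printf '%s\n' "Restart tunnel"
        do_restart
      fi
      ;;
    daemon)
      do_daemon
      ;;
    *)
      printf '%s\n' "Usage tunctl start|stop|restart|ping|check|daemon"
      exit 1
      ;;
  esac
  exit 0
}

main "$@"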